October is National Cybersecurity Awareness Month (NCSAM), and this year’s theme is “Own IT. Secure IT. Protect IT.” We’ve discussed the overarching goals of NCSAM before, and began exploring the theme last week.
Part 2 of 3 in our NSCAM theme dives into an important part of Secure IT—Shake Up Your Passphrase Protocol: create strong, unique passphrases. We’ve covered building a strong passphrase before, but passphrases also need to be unique to be truly formidable. Why? Read on.
Reduce Password Reuse
Employees use many different programs at work, and it can be tempting to reuse the same password for some or all accounts. This [unsafe practice](https://www.defendify.io/cybersecurity-blog/2020/01/20/your-technology-and-data-use-policy-means-online-safety) is called “password recycling,” and it’s quite prevalent: a recent report showed that 59% of people use the same password for just about everything.
A password, no matter how strong, loses its purpose when recycled (i.e. reused). Here’s how it works:
- An employee creates an account using their work email and a recycled password. For this example, let’s say they ordered pizza for the office (it could be from a local shop or large franchise, but keep in mind even large and reputable companies can be breached).
- The pizza restaurant stores the employee’s login and password in their database, which is then breached by a cyberattacker.
- The cyberattacker tries the password on common business accounts: Google, Office365, etc. until they find a match (or matches). They now have access to all the employee’s work accounts and sensitive information—far beyond pizza preferences.
Using unique passwords and 2FA for each account is the best way to avoid this chain reaction. And if your password gets compromised, just trash it! It’s important to change your password immediately any time a Stolen Password Scan or other alert notifies you that your account is compromised.
Phrase Out Recycling
Creating and remembering all those passwords is tough, but the good news is there are plenty of alternatives to recycling.
As NCSAM recommends, using passphrases can help address this issue, as they are both long and memorable. Here’s an example—which would you rather remember?
- I ate 26 slices of pepperoni yesterday.
Both are strong, but the first passphrase is simpler to remember and type (not to mention more fun). It’s much easier to use unique passphrases than to remember multiple strong random passwords.
A Single (Sort) Solution
You can also explore technology to help customers enforce a unique password policy. A company-controlled password vault or single sign on (SSO) system is a great option that avoids the problem of remembering and typing passwords and may also improve productivity—employees won’t waste time forgetting and resetting their password and won’t get locked out and need to contact the help desk.
One consideration, however, is that this creates a single “point of failure,” so remind your customers to use a very strong passphrase and 2FA for the vault or SSO system login to keep everything else well-protected.
This NCSAM and throughout the year, shake up your passphrase protocol, and remember that recycling is for paper, not passwords!
Your Friends @ Defendify